\contentsline {section}{List of Figures}{5}{chapter*.1}
\contentsline {section}{List of Tables}{6}{chapter*.2}
\contentsline {chapter}{\numberline {1}Introduction}{1}{chapter.1}
\contentsline {section}{\numberline {1.1}Introduction}{1}{section.1.1}
\contentsline {subsection}{\numberline {1.1.1}Malware}{1}{subsection.1.1.1}
\contentsline {chapter}{\numberline {2}Back ground}{3}{chapter.2}
\contentsline {section}{\numberline {2.1}Virus total}{3}{section.2.1}
\contentsline {subsection}{\numberline {2.1.1}MD5 hash}{3}{subsection.2.1.1}
\contentsline {subsection}{\numberline {2.1.2}Using virus total to getting vendor name}{3}{subsection.2.1.2}
\contentsline {section}{\numberline {2.2}PE file format}{3}{section.2.2}
\contentsline {subsection}{\numberline {2.2.1}PE file overview}{3}{subsection.2.2.1}
\contentsline {subsection}{\numberline {2.2.2}PE Format}{3}{subsection.2.2.2}
\contentsline {section}{\numberline {2.3}PE header}{3}{section.2.3}
\contentsline {section}{\numberline {2.4}Decision tree}{3}{section.2.4}
\contentsline {chapter}{\numberline {3}Problem and our approach}{4}{chapter.3}
\contentsline {section}{\numberline {3.1}Dynamic analysis}{4}{section.3.1}
\contentsline {section}{\numberline {3.2}Static analysis}{5}{section.3.2}
\contentsline {subsection}{\numberline {3.2.1}N-grams}{5}{subsection.3.2.1}
\contentsline {subsection}{\numberline {3.2.2}Flow graph}{5}{subsection.3.2.2}
\contentsline {subsection}{\numberline {3.2.3}Approach}{5}{subsection.3.2.3}
\contentsline {chapter}{\numberline {4}Implementation}{6}{chapter.4}
\contentsline {section}{\numberline {4.1}Over view}{6}{section.4.1}
\contentsline {section}{\numberline {4.2}Classification based on machine learning technique}{7}{section.4.2}
\contentsline {subsection}{\numberline {4.2.1}PE file meta-data}{7}{subsection.4.2.1}
\contentsline {subsection}{\numberline {4.2.2}Create training data}{8}{subsection.4.2.2}
\contentsline {subsection}{\numberline {4.2.3}Classification}{9}{subsection.4.2.3}
\contentsline {chapter}{\numberline {5}Evaluation}{12}{chapter.5}
\contentsline {section}{\numberline {5.1}collection}{12}{section.5.1}
\contentsline {section}{\numberline {5.2}Speed evaluation}{13}{section.5.2}
\contentsline {section}{\numberline {5.3}Effective evaluation}{13}{section.5.3}
\contentsline {chapter}{\numberline {6}Conclusion}{15}{chapter.6}
\contentsline {chapter}{\numberline {7}Future work}{16}{chapter.7}
\contentsline {chapter}{References}{ii}{section*.4}
